Forrester has just completed a comprehensive assessment of vulnerability management products. The Forrester Vulnerability Management Wave report is now live. If you are a subscriber, please see here for the full report.

In Forrester’s 53-criteria evaluation of vulnerability management vendors, we found that the market is rife with mature products. In particular, we found that Qualys leads, with Rapid7, McAfee, nCircle, and Lumension following as Leaders.

Qualys showed itself to be the leader of the pack in this evaluation. Qualys pioneered the SaaS hybrid delivery model of vulnerability management, combining fully managed scanner applications with a security console hosted in the Qualys cloud. Once considered radical, this service model is now used by some of the largest organizations in the world. Qualys delivers vulnerability assessment, application-level scanning, and configuration compliance auditing. It’s worth noting that its offering provides concrete mappings from a wide list of regulations to actual IT controls.

We found several other vendors offering competitive solutions. Rapid7 is the up-and-comer, with an impressive 50%-plus year-over-year growth over the last two years. In addition to its solid technology, it is the only vendor in this evaluation whose application-scanning capabilities can handle Ajax and Web 2.0 technologies. Rapid7 recently signed OEM deals with two of the largest security and service vendors in the industry, which should give it a boost in the market.